Total CVEs

143,744

Critical Severity

4,091

High Severity

14,757

Last 7 Days

1,576
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 641 - 660 of 1,590 CVEs
CVE-2026-7959 LOW - 3.1

Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7954 LOW - 3.1

Race in Shared Storage in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7949 LOW - 3.1

Out of bounds read in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7945 LOW - 3.1

Insufficient validation of untrusted input in COOP in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7944 LOW - 3.1

Insufficient validation of untrusted input in Persistent Cache in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7937 LOW - 3.1

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7909 LOW - 3.1

Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD

HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes.

Vendor: HCL Software
Product: BigFix Service Management (SM)
Published: May 06, 2026
Source: NVD
CVE-2026-8028 LOW - 3.7

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possibl...

Vendor: flowiseai
Product: flowise
Published: May 06, 2026
Source: NVD

HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly.

Vendor: HCL
Product: BigFix Service Management (SM)
Published: May 06, 2026
Source: NVD

HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information.

Vendor: HCL
Product: BigFix Service Management (SM)
Published: May 06, 2026
Source: NVD

HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality.

Vendor: HCL Software
Product: BigFix Service Management (SM)
Published: May 06, 2026
Source: NVD

HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities.

Vendor: HCL
Product: BigFix Service Management (SM)
Published: May 06, 2026
Source: NVD

HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared. .

Vendor: HCL Software
Product: BigFix Service Management (SM)
Published: May 06, 2026
Source: NVD

HHCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of sensitive data.

Vendor: HCL Software
Product: BigFix Service Management (SM)
Published: May 06, 2026
Source: NVD
CVE-2026-8026 LOW - 3.7

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched remotely....

Vendor: flowiseai
Product: flowise
Published: May 06, 2026
Source: NVD

HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability . A component contains a security weakness in its input handling implementation, increasing the risk of misconfiguration and operational errors.

Vendor: HCL
Product: BigFix RunBookAI
Published: May 06, 2026
Source: NVD

HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a robus...

Vendor: HCL
Product: DFXAnalytics
Published: May 06, 2026
Source: NVD

HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations.

Vendor: HCL
Product: DFXAnalytics
Published: May 06, 2026
Source: NVD

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information.

Vendor: HCL
Product: DFXAnalytics
Published: May 06, 2026
Source: NVD